Format: 1.8 Date: Wed, 31 Jul 2019 09:19:23 -0400 Source: sigil Binary: sigil sigil-data Architecture: s390x Version: 0.9.9+dfsg-1ubuntu0.1~esm1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: sigil - multi-platform ebook editor sigil-data - multi-platform ebook editor - data files Changes: sigil (0.9.9+dfsg-1ubuntu0.1~esm1) bionic-security; urgency=medium . * SECURITY UPDATE: Zip Slip directory traversal when processing a crafted EPUB file - debian/patches/CVE-2019-14452-1.patch: do not allow zip files to have upward relative path sections. - debian/patches/CVE-2019-14452-2.patch: further harden against malicious epubs and produce error message. - debian/patches/CVE-2019-14452-3.patch: harden plugin unzipping to zip-slip attacks. - CVE-2019-14452 Checksums-Sha1: 73a7c14af083a07048b6d86b7ca09a2918b8de1d 25339540 sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.ddeb cd356cee56bcd8c2e48c719fa419b8e92befeadc 13578 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.buildinfo e79a80f08bdbc98b73fc5c78f43421722b169b44 1683356 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.deb Checksums-Sha256: 20bc3b7d36a5a017ec4e0c32f869c7f098e99ed4512cde5b607cebf693b0de53 25339540 sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.ddeb 9a55aefef97bc80ca0ca183d8a9e0e8bc5a1d5a36fbed268b5f5f5ffe09702dd 13578 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.buildinfo f75fa0802dd1fb9a7e83f057261cf5f07cf0b7f9f6343d1282d0c0459342f25f 1683356 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.deb Files: b82e6274cbe064ccbbdb45ad9ee45cd2 25339540 debug optional sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.ddeb 72afadea12d2677a92a87da07398e058 13578 editors optional sigil_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.buildinfo 29b41638dc987af277353f5195920231 1683356 editors optional sigil_0.9.9+dfsg-1ubuntu0.1~esm1_s390x.deb Original-Maintainer: Mattia Rizzolo